Our agency currently uses MS Exchange Server 2007 on-site and we recently migrated over to Office 365 Pro Plus. Our current encryption is TLS for internal e-mails, and for external, we use Sophos with 'encrypt' in '[]" . With the intent to migrate our exchange server to be at version 2013 on-site, we were hoping to have the following:
internal and external email containing Protected Health Information (PHI) be encrypted to a FIPS 140-2 standard, minimum 128 bit, possibly 256 bit. Also, other counties and government agencies have solutions that will automatically encrypt emails with any string of over 5 digits, formatted like an SSN (xxx-xx-xxxx), or with trigger words “ePHI”, “PHI”, “Secure”, or “confidential”.
Is this possible with 2013 or are we in the realm of exploring 3rd party solutions to obtain this level of security/encryption ?